Creating SSH keys

Find out how to create SSH keys for a secure connection to your dedicated server

Last updated 31st March 2022


Using the SSH protocol enables a secure channel over an unsecured network in a client-server architecture, connecting an SSH client with an SSH server. Creating an SSH key set provides you with a public and a private key. You can place the public key on any server, and then unlock it by connecting to it with a client that already has your private key stored on it. If the SSH key sets match up, you will be logged in without needing a password.

This guide explains how to create SSH keys and then use them to securely access your server.

Please note that SSH keys are not used for authentication on servers running the Windows operating system. For Windows servers, you will still need to use a username and password.



Creating an SSH key using a Linux or Mac operating system

From a Mac computer or a device with a Linux OS installed, first open the command line application (Terminal).

Verify that you have a ".ssh" folder in your $HOME directory. If the folder does not exist, create it:

# mkdir ~/.ssh

Use the following command to create a 4096 bit RSA key:

# ssh-keygen -b 4096

Using the "-t" option with this command allows you to specify a different encryption method, for example:

# ssh-keygen -t ed25519 -a 256

The command will prompt you to save the newly created key in the standard file:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):

You can accept the default file by pressing "↩". Now you will have the option to enter a passphrase to password-protect your SSH key. This is recommended for added security.

Your SSH keys should be stored in the ".ssh" directory. The public key file will have ".pub" added to the filename.

Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/
The key fingerprint is:
SHA256:MRk+Y0zCOoOkferhkTvMpcMsYspj212lK7sEauNap user@hostname
The key's randomart image is:
+---[RSA 4096]----+
|     .. o        |
|    . .= o       |
|   o o  X        |
|. . . .          |
|. .=.o .S.       |
| =o.o.  .   .    |
|o +   .  . o ..  |
|.. .  .   oEoo . |
|o.        .o+oo  |

The private key should always be kept safe, and access to it strictly limited to authorised people only.

In order to view and export your public key, use the "cat" command on your ".pub" key file and copy the output:

# cat ~/.ssh/
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8teh2NJ42qYZV98gTNhumO1b6rMYIkAfRVazl

In a MacOS Terminal, you can also use the "pbcopy" and "pbpaste" commands to handle key strings. For example, use this command to copy the key from the file "" to the clipboard:

$ pbcopy < ~/.ssh/

Creating an SSH key using PuTTY (for Windows)

PuTTY is an open source SSH client software with a graphical user interface, available for Windows and other operating systems. You can use it to remotely connect to a Linux server. Its companion software, PuTTY Key Generator (PuTTYgen), can be used to create SSH keys.

First, download PuTTY from the official website, if it is not already installed. The recommended standard installation package includes PuTTYgen but it is available as a standalone file there as well. To find out if you have it available already, check your "programs" menu or use the Windows Search.

Open PuTTYgen and select a supported encryption algorithm. The example uses RSA. Enter 4096 as the number of bits, then click the Generate button.

putty key

Now, randomly move your mouse cursor about the area below the progress bar:

putty key

The key is ready when the progress bar is full.

putty key

You can select and copy the public key from this window. There is also the option to save the keys into files.

Adding SSH keys to your server

Navigate to your $HOME directory and create the ".ssh" folder (if it does not exist):

$ mkdir ~/.ssh

To store the key for the current user, open a file named "authorized_keys" with your preferred text editor:

$ nano ~/.ssh/authorized_keys

Copy and paste your public key into this new file. Save the file and exit the editor. Reboot your server or only restart the OpenSSH daemon (the appropriate command may vary depending on your OS):

$ systemctl restart sshd

To verify that your key has been set up properly, attempt to access your server via SSH using the following command. Replace "IP_ADDRESSorHOSTNAME" with the IP address or hostname of the server you are trying to access:


Adding additional keys to your server

To add SSH keys for additional users, simply repeat the previous steps but use the appropriate $HOME directory to create that user's unique key.

Removing authorised keys from your server

Delete the key which corresponds to the user having their access revoked from your "authorized_keys" file. Upon removing the key, save the file and exit the text editor.

Importing your SSH key into the OVHcloud Control Panel

The OVHcloud Control Panel allows you to store public keys created using one of the supported encryption types (currently RSA, ECDSA, ED25519).

Open the sidebar navigation by clicking on your name in the top right corner and use the shortcut Products and services.

SSH key control panel

In "My services", switch to the SSH keys tab and click on Add an SSH key.

SSH key control panel

Select "Dedicated" from the drop-down menu.

In the new window, enter an ID (a name of your choice) for the key. Paste the key string (copied from your ".pub" file or the PuTTYgen window) into the "Key" field.

SSH key control panel

If you have copied the full output, the identifier after the key should already be included. Note that in order to store your key, you will need to always specify your identifier after the pasted key. This is a requirement of the OVHcloud Control Panel. (See the example format above.) Click Confirm to store your public key.

Any keys saved in the "Dedicated" section will be usable for your VPS services as well. Regarding SSH keys for Public Cloud services, please refer to this guide.

Setting a default SSH key (only for the “Dedicated” section)

If you have added multiple SSH keys in your Control Panel, it is possible to set one key to be used as the default key on the account.

Please note that once a default key is set, it will also be used as the means of connection once a server is rebooted in rescue mode. To receive a password instead, the default key must be disabled before rebooting the server in rescue mode.

Open the sidebar navigation by clicking on your name in the top right corner and use the shortcut Products and services.

SSH key control panel

In the list of keys, click on the Key icon next to the SSH key of your choice to set it as the default key.

SSH key control panel

Once done, a popup message will appear confirming the key has been set as default and the Key icon will be highlighted.

SSH key control panel

Disabling the SSH key

To disable the SSH key, perform the same steps as above and click on the Key icon next to the corresponding SSH key and disable the default option.

Go further

Join our community of users on

Did you find this guide useful?

Please feel free to give any suggestions in order to improve this documentation.

Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.

Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.

Thank you. Your feedback has been received.

These guides might also interest you...

OVHcloud Community

Access your community space. Ask questions, search for information, post content, and interact with other OVHcloud Community members.

Discuss with the OVHcloud community

In accordance with the 2006/112/CE Directive, modified on 01/01/2015, prices incl. VAT may vary according to the customer's country of residence
(by default, the prices displayed are inclusive of the UK VAT in force).